You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am reaching out to you as we conducted an empirical study to understand the nature of cryptographic misuses in enterprise-driven projects on GitHub. During our study, we randomly inspected a few of the misuses. One of the misuses for which we could confirm the finding of the analysis, CogniCryptSAST is within this project.
HttpClientInit: The implementation in line 143 calls the method TrustManagerFactory.getDefaultAlgorithm() that relies on defaults and can be altered at runtime JCA. Thus, analyses like CogniCryptSAST consider these usages as insecure as the used TrustManager may be insecure.
We hope that this report helps you and would be glad to get your thoughts on this issue.
The text was updated successfully, but these errors were encountered:
I am reaching out to you as we conducted an empirical study to understand the nature of cryptographic misuses in enterprise-driven projects on GitHub. During our study, we randomly inspected a few of the misuses. One of the misuses for which we could confirm the finding of the analysis, CogniCryptSAST is within this project.
TrustManagerFactory.getDefaultAlgorithm()that relies on defaults and can be altered at runtime JCA. Thus, analyses like CogniCryptSAST consider these usages as insecure as the used TrustManager may be insecure.We hope that this report helps you and would be glad to get your thoughts on this issue.
The text was updated successfully, but these errors were encountered: